The following document contains the results of SpotBugs
SpotBugs Version is 4.8.5
Threshold is medium
Effort is default

Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
27 | 21 | 0 | 4 |

Bug | Category | Details | Line | Priority |
---|---|---|---|---|
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |

Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 354 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 624 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 659 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 484 | Medium |
Redundant nullcheck of th, which is known to be non-null in org.apache.rat.mp.AbstractRatMojo.getPatternsFromFile(File, String) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 530 | Medium |

Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class org.apache.rat.mp.FilesReportable at new org.apache.rat.mp.FilesReportable(File, String[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 38 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 51 | Medium |

Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Found reliance on default encoding in org.apache.rat.mp.RatCheckMojo.check(): java.io.ByteArrayOutputStream.toString() | I18N | DM_DEFAULT_ENCODING | 154 | High |
This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 194 | Medium |
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.mp.RatCheckMojo.getConfiguration() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 184 | Medium |

Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Found reliance on default encoding in org.apache.rat.mp.RatReportMojo.executeReport(Locale): java.io.ByteArrayOutputStream.toString() | I18N | DM_DEFAULT_ENCODING | 412 | High |
org.apache.rat.mp.RatReportMojo.getSink() may expose internal representation by returning RatReportMojo.sink | MALICIOUS_CODE | EI_EXPOSE_REP | 328 | Medium |
org.apache.rat.mp.RatReportMojo.generate(Sink, SinkFactory, Locale) may expose internal representation by storing an externally mutable object into RatReportMojo.sink | MALICIOUS_CODE | EI_EXPOSE_REP2 | 258 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 141 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 278 | Medium |
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.mp.RatReportMojo.execute() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 162 | Medium |

Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Format string should use %n rather than \n in org.apache.rat.mp.Regex.set(String) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 33 | Medium |
Format string should use %n rather than \n in org.apache.rat.mp.Regex.setExpr(String) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 29 | Medium |

Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 61 | Medium |

Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Suspicious comparison of Boolean references in org.apache.rat.mp.util.ignore.IgnoringDirectoryScanner.matchesAnIgnoreMatcher(String) | BAD_PRACTICE | RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN | 44 | Medium |